IEC 62351 is a standard developed by WG15 of IEC TC57. It was developed to handle the security of the TC 57 series of protocols, including the IEC 60870-5 series, IEC 60870-6 series, IEC 61850 series, IEC 61970 series and IEC 61968 series. The security objectives include authentication of data transfers through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of replay and spoofing, and intrusion detection.

==Standard details==
* ''IEC 62351-1'' — Introduction to the standard
* ''IEC 62351-2'' — Glossary of terms
* ''IEC 62351-3'' — Security for any profiles including TCP/IP
** TLS encryption
** Node authentication by means of X.509 certificates
** Message authentication
* ''IEC 62351-4'' — Security for any profiles including MMS (e.g., ICCP-based IEC 60870-6, IEC 61850, etc.)
** Authentication for MMS
** TLS (RFC 2246) is inserted between RFC 1006 (ISO transport on top of TCP) and RFC 793 (TCP) to provide transport layer security
* ''IEC 62351-5'' — Security for any profiles including IEC 60870-5 (e.g., the DNP3 derivative)
** TLS for TCP/IP profiles and encryption for serial profiles
* ''IEC 62351-6'' — Security for IEC 61850 profiles
** VLAN use is made mandatory for GOOSE
** RFC 2030 is to be used for SNTP
* ''IEC 62351-7'' — Security through network and system management
** Defines Management Information Bases (MIBs) that are specific to the power industry, to handle network and system management through SNMP-based methods
* ''IEC 62351-8'' — Role-based access control
** Covers the access control of users and automated agents to data objects in power systems by means of role-based access control (RBAC)
* ''IEC 62351-9'' — Key management
** Describes the correct and safe usage of security-critical parameters, e.g. passwords and encryption keys
** Covers the whole life cycle of cryptographic information (enrollment, creation, distribution, installation, usage, storage and removal)
** Methods for algorithms using asymmetric cryptography
*** Handling of digital certificates (public / private key)
*** Setup of the PKI environment with X.509 certificates
*** Certificate enrollment by means of SCEP / CMP
*** Certificate revocation by means of CRL / OCSP
** A secure distribution mechanism based on GDOI and the IKEv2 protocol is presented for the usage of symmetric keys, e.g. session keys
* ''IEC 62351-10'' — Security architecture
** Explanation of security architectures for the entire IT infrastructure
** Identification of critical points of the communication architecture, e.g. substation control center, substation automation
** Appropriate security mechanisms for those requirements, e.g. data encryption, user authentication
** Applicability of well-proven standards from the IT domain, e.g. VPN tunnels, secure FTP, HTTPS
* ''IEC 62351-11'' — Security for XML files
** Embedding of the original XML content into an XML container
** Date of issue and access control for XML data
** X.509 signature for authenticity of XML data
** Optional data encryption

Source: excerpt from the free encyclopedia Wikipedia, article "IEC 62351".
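The IEC 62351-3 and IEC 62351-4 bullets above describe a concrete stack: the TCP/IP profile gets TLS with X.509 node authentication, and for MMS the TLS layer is inserted between the RFC 1006 (TPKT) framing and TCP, so the TPKT header travels inside the TLS record. The following Go program is an added example written for this page; it is not code from the standard, from Wikipedia, or from any vendor's IEC 61850/ICCP stack. It uses only the Go standard library and makes these assumptions: two self-signed certificates stand in for a PKI-issued pair (the node names "substation-gw" and "control-centre" are made up), the minimum version is TLS 1.2 rather than the RFC 2246 TLS 1.0 named in the standard text because TLS 1.0 is deprecated, and the three-byte TSDU in main is a constructed sample, not a real MMS PDU; only the TPKT layer is implemented, not COTP, session, presentation or MMS above it.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"fmt"
	"io"
	"math/big"
	"time"
)
// selfSigned makes one node's self-signed X.509 certificate. Constructed for this
// example only; a real deployment enrolls node certificates from a PKI (IEC 62351-9).
func selfSigned(name string, eku x509.ExtKeyUsage) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return tls.Certificate{}, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name}, // matched against the client's ServerName
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
		IsCA:         true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return tls.Certificate{}, nil, err }
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, err
}
// tpktEncode prefixes a TSDU with the RFC 1006 header: version 3, reserved 0, then a
// 16-bit big-endian length counting the 4 header bytes (so a TSDU is at most 65531 bytes).
func tpktEncode(tsdu []byte) []byte {
	if len(tsdu) > 0xFFFF-4 { panic("tpkt: TSDU exceeds the 16-bit length field") }
	out := append([]byte{3, 0, 0, 0}, tsdu...)
	binary.BigEndian.PutUint16(out[2:], uint16(len(out)))
	return out
}
// tpktRead pulls one TPKT off the stream, rejecting a bad version or an undersized length.
func tpktRead(r io.Reader) ([]byte, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil { return nil, err }
	n := int(binary.BigEndian.Uint16(hdr[2:]))
	if hdr[0] != 3 || n < 4 { return nil, fmt.Errorf("tpkt: bad header % x", hdr[:]) }
	tsdu := make([]byte, n-4)
	_, err := io.ReadFull(r, tsdu)
	return tsdu, err
}
type Exchange struct{ ServerSawClient, ClientSawServer string; Received []byte }
// runSecuredTPKT runs a loopback server and client with mutual X.509 node authentication
// (IEC 62351-3) and carries one TPKT through the TLS session, so the RFC 1006 header rides
// inside the TLS record above TCP (IEC 62351-4). With clientCert=false the client sends no
// certificate and the server must refuse it before any TPKT is parsed.
func runSecuredTPKT(tsdu []byte, clientCert bool) (Exchange, error) {
	srv, srvLeaf, err := selfSigned("substation-gw", x509.ExtKeyUsageServerAuth)
	if err != nil { return Exchange{}, err }
	cli, cliLeaf, err := selfSigned("control-centre", x509.ExtKeyUsageClientAuth)
	if err != nil { return Exchange{}, err }
	trustSrv, trustCli := x509.NewCertPool(), x509.NewCertPool()
	trustSrv.AddCert(srvLeaf) // each side trusts exactly the one peer it expects
	trustCli.AddCert(cliLeaf)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{srv},
		ClientAuth:   tls.RequireAndVerifyClientCert, // node authentication of the client
		ClientCAs:    trustCli,
		MinVersion:   tls.VersionTLS12, // TLS 1.0 (RFC 2246) is no longer acceptable
	})
	if err != nil { return Exchange{}, err }
	defer ln.Close()
	type result struct{ cn string; tsdu []byte; err error }
	done := make(chan result, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil { done <- result{err: err}; return }
		defer c.Close()
		tc := c.(*tls.Conn)
		if err := tc.Handshake(); err != nil { done <- result{err: err}; return }
		got, err := tpktRead(tc) // the TPKT header is only visible after TLS decryption
		done <- result{tc.ConnectionState().PeerCertificates[0].Subject.CommonName, got, err}
	}()
	cfg := &tls.Config{RootCAs: trustSrv, ServerName: "substation-gw", MinVersion: tls.VersionTLS12}
	if clientCert { cfg.Certificates = []tls.Certificate{cli} }
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil { return Exchange{}, err }
	defer conn.Close()
	if _, err := conn.Write(tpktEncode(tsdu)); err != nil { return Exchange{}, err }
	r := <-done
	if r.err != nil { return Exchange{}, r.err }
	return Exchange{r.cn, conn.ConnectionState().PeerCertificates[0].Subject.CommonName, r.tsdu}, nil
}
func main() {
	ex, err := runSecuredTPKT([]byte{0x02, 0xf0, 0x80}, true) // constructed sample bytes, not a real MMS PDU
	if err != nil { panic(err) }
	fmt.Printf("server authenticated %q, client authenticated %q, TSDU % x\n", ex.ServerSawClient, ex.ClientSawServer, ex.Received)
}
```

The design point worth noticing is the order of operations on the server: the peer's certificate is verified by the TLS handshake before a single TPKT byte is parsed, which is what makes the node authentication of IEC 62351-3 protect the RFC 1006 and MMS parsers above it. Calling runSecuredTPKT with clientCert set to false shows the failure mode: the handshake is refused and no TSDU is ever delivered. In production the two certificate pools would hold the operator's CA rather than the peer's own certificate, and revocation checking (CRL / OCSP, as IEC 62351-9 lists) would be added on top of what the standard library verifies.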